From f2a177ddd2c4be7b2e2579a0bcd9d576a52ca216 Mon Sep 17 00:00:00 2001
From: Nathaniel McCallum <npmccallum@redhat.com>
Date: Fri, 19 Oct 2012 12:00:27 -0400
Subject: [PATCH] Don't expose binary format in preauth otp

ticket: 7417 (new)
target_version: 1.11
tags: pullup
---
 src/include/krb5/krb5.hin      | 1 -
 src/lib/krb5/krb/preauth_otp.c | 3 ++-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin
index e515e8a01d..6a4f995a64 100644
--- a/src/include/krb5/krb5.hin
+++ b/src/include/krb5/krb5.hin
@@ -6408,7 +6408,6 @@ krb5_prompter_posix(krb5_context context, void *data, const char *name,
 #define KRB5_RESPONDER_OTP_FORMAT_DECIMAL 0
 #define KRB5_RESPONDER_OTP_FORMAT_HEXADECIMAL 1
 #define KRB5_RESPONDER_OTP_FORMAT_ALPHANUMERIC 2
-#define KRB5_RESPONDER_OTP_FORMAT_BINARY 3
 
 /**
  * This flag indicates that the token value MUST be collected.
diff --git a/src/lib/krb5/krb/preauth_otp.c b/src/lib/krb5/krb/preauth_otp.c
index ef012bd899..27157c5266 100644
--- a/src/lib/krb5/krb/preauth_otp.c
+++ b/src/lib/krb5/krb/preauth_otp.c
@@ -181,7 +181,8 @@ codec_encode_tokeninfo(krb5_otp_tokeninfo *ti, k5_json_object *out)
     if (retval != 0)
         goto error;
 
-    if (ti->format != KRB5_OTP_FORMAT_BASE64) {
+    if (ti->format != KRB5_OTP_FORMAT_BASE64 &&
+        ti->format != KRB5_OTP_FORMAT_BINARY) {
         retval = codec_int32_to_value(ti->format, obj, "format");
         if (retval != 0)
             goto error;
-- 
2.47.3